onlyoneaman/rails_fb_validate_payload.rb

## rails_fb_validate_payload.rb
class HooksController < ApplicationController

  def handle_webhook
    payload = request.body.read
    sig_header = request.headers["X-Hub-Signature"]
    sig_header.slice! "sha1="
    app_secret = Figaro.env.FB_APP_SECRET
    sign = get_sha_sign(payload, app_secret)
    if sign != sig_header
      raise BaseError::InvalidRequest.new("Invalid Signature")
    end
    render plain: "OK"
  end

  private

  def get_sha_sign(payload, app_secret)
    return OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), app_secret.encode("ASCII"), payload.encode("ASCII"))
  end

end
	class HooksController < ApplicationController

	def handle_webhook
	payload = request.body.read
	sig_header = request.headers["X-Hub-Signature"]
	sig_header.slice! "sha1="
	app_secret = Figaro.env.FB_APP_SECRET
	sign = get_sha_sign(payload, app_secret)
	if sign != sig_header
	raise BaseError::InvalidRequest.new("Invalid Signature")
	end
	render plain: "OK"
	end

	private

	def get_sha_sign(payload, app_secret)
	return OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), app_secret.encode("ASCII"), payload.encode("ASCII"))
	end

	end